Country Block

simby · Jun 19, 2010, 7:20 PM

Thanks Tomy :)

XIII · Jun 19, 2010, 8:45 PM

Really good package Tommy, thanks for your help.

darklogic · Jun 21, 2010, 1:24 PM

I am currently running 1.2.3-RELEASE and thanks on the post with information on BlackBerry. I was able to find the CIDR range our BB are using for service. The only thing I am still trying to figure out is how to block the rest of the Country without manually creating an ALIAS list of CANADA IP's? I noticed that the texted is correct under the package interface when making a change to the firewall, that you must save/update the Country Block package to get it running again everytime you make a firewall change. Country Block itself seems to run good without the help of cron. What I think would be neat is to be able to do a block all country and then input an unblock CIDR option under the selected country, that way the whole country would be blocked other than a specified CIDR or list of CIDR's and ranges. Something else I think would be cool is having a log or barnyard dump of data so you can see statistics on blocked country IP's and where the major attacks and brech attempts are comning from.

The package itself is very cool and in early development, but yet is is so effective. I would love to see the Country Block package become a standard integrated part of the pfsense install along with a few other packages such as IP Block, SNORT, Deep Packet Inspection, and E-mail filtering forwarder.

Thanks for all the support and help on this package.

Matt

g4m3c4ck · Jun 24, 2010, 12:29 PM

Why don't you locate the store for the canadian IPs on your local file system and remove the IP range in question?

darklogic · Jun 24, 2010, 6:00 PM

g4m3c4ck

Not sure how to go about doing this? ???

Thanks,

Matt

kapara · Jun 24, 2010, 6:12 PM

Could it be setup so that those rules were applied at the end so that any allows above it in the firewall rules would allow the traffic. I am ssuming 2 things of course. 1. That the rules apply top down… 2. That the package can be configured as such.

Great package when I learned a couple of painful lessons.... ;D

tommyboy180 · Jun 24, 2010, 11:30 PM

@darklogic:

g4m3c4ck

Not sure how to go about doing this? ???

Thanks,

Matt

Right now there is no really decent way to remove IPs from the countryblock table. I will have to make a whitelist addon for the package. Hopefully I can sit down and do that soon. I just haven't had the time.

Supermule · Jun 25, 2010, 5:54 AM

This package has singlehandedly cut down 99,9% of all attemps to hack my SQL databases…. Now I just need the IE fix. Then I will have to promote Tommy to a godlike status.....:D

Thx buddy. This is absolutely one of the best features of PFSense !!

g4m3c4ck · Jun 25, 2010, 4:36 PM

The hard way of solving your problem would be to ssh into your router or manually go to the computer and goto shell.

cd /usr/local/www/packages/countryblock/lists

cp countries.txt countries.txt.bak

nano countries.txt

then find the ip range in question and remove

Keep in mind changes in the country block package will revert these steps.

psotnic · Jun 27, 2010, 5:42 PM

Encountered an error in the system logs:

php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'

Country Block keeps on saying "Current Status = NOT running", pkg reinstall didnt do the trick.
(pfSense 2.0-BETA3 built on Fri Jun 25 16:38:53 EDT 2010)

Supermule · Jun 27, 2010, 5:44 PM

Is this in Firefox or IE?

@Novak:

Encountered an error in the system logs:

php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'

Country Block keeps on saying "Current Status = NOT running", pkg reinstall didnt do the trick.
(pfSense 2.0-BETA3 built on Fri Jun 25 16:38:53 EDT 2010)

psotnic · Jun 27, 2010, 5:46 PM

Firefox.

Supermule · Jun 27, 2010, 5:55 PM

Are you running any other packages on the box?

psotnic · Jun 27, 2010, 5:56 PM

RRD Summary and snort

Supermule · Jun 27, 2010, 6:00 PM

Make a backup and then uninstall Snort. Test again.

psotnic · Jun 27, 2010, 6:14 PM

after deleting snort and reinstalling country block more errors:

Jun 27 20:10:42 php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:07:53 php: /pkg_mgr_install.php: Beginning package installation for Country Block.

Supermule · Jun 27, 2010, 7:00 PM

Can you make a clean install of PFsense and try again??? Just to exclude a corrupted install….

psotnic · Jun 27, 2010, 8:02 PM

Now that you mentioned it, I did a fresh install a few hours ago, BUT I used an old config file from BETA-1 release so this could be the issue. I will reinstall tommorow and try country block before restoring the old config file again.

Supermule · Jun 27, 2010, 8:23 PM

;)

Rune · Jul 3, 2010, 4:20 AM

Tommy - Get your butt moving man. We need to be able to edit the block lists. I know your just slacking at home. :o